A Type-Based Approach to Program Security

This paper presents a type system which guarantees that well-typed programs in a procedural programming language satisfy a noninterference security property. With all program inputs and outputs classified at various security levels, the property states that a program output, classified at some level, can never change as a result of modifying only inputs classified at higher levels. Intuitively, this means the program does not “leak” sensitive data. The property is similar to a notion introduced years ago by Goguen and Meseguer to model security in multi-level computer systems [7]. We also give an algorithm for inferring and simplifying principal types, which document the security requirements of programs.
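The following is an added illustration, not the paper's formalism: a minimal security type checker for a while-language in the spirit of the system the abstract describes, with a two-point lattice L (low) below H (high). An assignment is well-typed only if both the assigned expression's level and the level of the enclosing guards (the "pc") flow to the target variable, which rules out explicit flows (`pub := secret`) and implicit flows (branching on a secret and writing a public variable). The command encoding, the variable names and the example programs are constructed for this example.

```python
# Added example (not from the paper): security typing for a tiny while-language.
# Levels: "L" (public) < "H" (secret).
LEVELS = {"L": 0, "H": 1}

def lub(a, b):
    """Least upper bound of two levels."""
    return a if LEVELS[a] >= LEVELS[b] else b

def leq(a, b):
    """Does information at level a flow legally to level b?"""
    return LEVELS[a] <= LEVELS[b]

def expr_level(e, env):
    """Level of an expression = join of the levels of the variables it reads.
    Expressions: int literal | variable name | (op, left, right)."""
    if isinstance(e, int):
        return "L"
    if isinstance(e, str):
        return env[e]
    _, left, right = e
    return lub(expr_level(left, env), expr_level(right, env))

def check(cmd, env, pc="L"):
    """Return True iff cmd is well-typed; pc is the join of the levels of all
    guards enclosing cmd, which is what makes implicit flows visible."""
    kind = cmd[0]
    if kind == "skip":
        return True
    if kind == "assign":                      # ("assign", x, e)  meaning x := e
        _, x, e = cmd
        return leq(lub(expr_level(e, env), pc), env[x])
    if kind == "seq":                         # ("seq", c1, c2, ...)
        return all(check(c, env, pc) for c in cmd[1:])
    if kind == "if":                          # ("if", guard, then, else)
        _, g, c1, c2 = cmd
        pc2 = lub(pc, expr_level(g, env))
        return check(c1, env, pc2) and check(c2, env, pc2)
    if kind == "while":                       # ("while", guard, body)
        _, g, body = cmd
        return check(body, env, lub(pc, expr_level(g, env)))
    raise ValueError(f"unknown command {kind!r}")

# Constructed variable classification and sample programs.
ENV = {"secret": "H", "pub": "L", "tmp": "H"}
EXPLICIT_LEAK = ("assign", "pub", "secret")                 # rejected: H -> L
IMPLICIT_LEAK = ("if", ("==", "secret", 0),                  # rejected: pc = H
                 ("assign", "pub", 1), ("assign", "pub", 0))
SAFE = ("seq", ("assign", "tmp", ("+", "secret", "pub")),    # accepted: sinks are H
        ("if", ("==", "pub", 0), ("assign", "tmp", 0), ("skip",)))
```

Rejecting the two leaking programs while accepting the safe one is exactly the behaviour the noninterference guarantee demands: in an accepted program, changing `secret` can never alter the final value of `pub`.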

[1] Peter Ørbæk. Can you Trust your Data? TAPSOFT, 1995.

[2] Masaaki Mizuno et al. A security flow control algorithm and its denotational semantics correctness proof. 1992.

[3] Andrew K. Wright. Simple imperative polymorphism. LISP Symb. Comput., 1995.

[4] Geoffrey Smith et al. Principal Type Schemes for Functional Programs with Overloading and Subtyping. Sci. Comput. Program., 1994.

[5] Geoffrey Smith et al. A Sound Type System for Secure Flow Analysis. J. Comput. Secur., 1996.

[6] Mads Tofte et al. Type Inference for Polymorphic References. Inf. Comput., 1990.

[7] Mitchell Wand et al. On the complexity of type inference with coercion. FPCA, 1989.

[8] Martín Abadi et al. Secrecy by Typing in Security Protocols. TACS, 1997.

[9] Peter J. Denning et al. Certification of programs for secure information flow. 1977.

[10] Peter J. Denning et al. Certification of programs for secure information flow. CACM, 1977.

[11] J. Meseguer et al. Security Policies and Security Models. 1982 IEEE Symposium on Security and Privacy, 1982.

[12] Gregory R. Andrews et al. An Axiomatic Approach to Information Flow in Programs. TOPL, 1980.

[13] Jens Palsberg et al. Trust in the lambda-Calculus. J. Funct. Program., 1997.

[14] John C. Reynolds et al. Preliminary design of the programming language Forsythe. 1988.

[15] Jens Palsberg et al. Trust in the λ-calculus. Journal of Functional Programming, 1995.

[16] Daniel Le Métayer et al. Compile-Time Detection of Information Flow in Sequential Programs. ESORICS, 1994.

[17] Jerzy Tiuryn. Subtype inequalities. Proceedings of the Seventh Annual IEEE Symposium on Logic in Computer Science, 1992.

[18] Geoffrey Smith et al. Polymorphic typing of variables and references. TOPL, 1996.

[19] Dorothy E. Denning et al. A lattice model of secure information flow. CACM, 1976.